Unable to send $_GET['username'] into the Database? [duplicate] - php

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 5 years ago.
For some strange reason I cannot insert a username into the database, but when I change the value to any integer, it works once I click like.
$postid = $_POST['postid'];
$userid = $_GET['username'];
$result = mysqli_query($dbh,"SELECT * FROM user_images WHERE id=$postid");
$row = mysqli_fetch_array($result);
$n = $row['likes'];
mysqli_query($dbh,"INSERT INTO likes(username, postid) VALUES($userid, $postid)");
mysqli_query($dbh,"UPDATE user_images SET likes=$n+1 WHERE id=$postid");
echo $n+1;
exit();

Related

I am using the following code for updating the table in mysql database. It ain't working [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 6 years ago.
$query = "update admin set username = $username and password = $password where id = 1";
Any alternative to use this code with php?
You need to use quotes around the variables.
Try this:
$query = "UPDATE admin SET username = '".$username."', password = '".$password."' WHERE id = 1";
Hope this helps.
Peace! xD

num_rows issue with returning rows from SELECT query [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I have an issue. I am trying to find out if a user's email already exists in the database. Here is my query:
$stmt1 = "select EmailAddress from customers where EmailAddress = ' .$emailaddress. '";
$result = $db->query($stmt1);
if($result->num_rows === 0){
$Err = "";
} else {
$Err = 'This user is already registered login instead.';
}
What am I doing wrong? I can't seem to get num_rows to return something I can work with. Shouldn't this query return 0 if no records are found or number of rows if there is a record?
Use:
$stmt1 = "SELECT EmailAddress FROM customers WHERE EmailAddress = '".$emailaddress."'";

UPDATE sql php variables [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
When I use these statements, it works:
$sql = "UPDATE nametable SET column = '$number' WHERE username = '$text'";
$result = mysql_query($sql, $link) or die(mysql_error());
But, when I change 'column' to 'option1' like this:
$sql = "UPDATE nametable SET '$option1' = '$number' WHERE username = '$text'";
The query doesn't work. What's wrong with $option1? :/
Thanks!
Column names must not be enclosed in quotes (').
$sql = "UPDATE nametable SET " . $option1 . " = '$number' WHERE username = '$text'";

Php mysql query syntax error (Unknown field) [duplicate]

This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
include("db_connector.php");
$soru = "asdasds";
$tip = 1;
$soruId = 0;
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
$islem = mysql_query($sql) or die(mysql_error());
if(isset($islem))
{
$soruId = mysql_insert_id();
}else
{
header("refresh:2;sorular.php");
}
This code gives an error like this: Unknown column 'asdasds' in 'field list'
You need to change the SQL statement in this:
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."','".$soru."',".$tip.")";
Strings need to be enclosed in single quotes. :)
I just added ' before and after every variable in the query. You cannot pass a string to the query without adding single quotes (').
Change From:
$sql = "insert into sor (anketId,soruMetni,tip) values (".$_SESSION['anket'].",".$soru.",".$tip.")";
to:
$sql = "INSERT INTO `sor` (anketId,soruMetni,tip)
VALUES ('".$_SESSION['anket']."', '".$soru."', '".$tip."')";

Issue using grammar with PDO [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 9 years ago.
Have a minor issue when updating records in MySQL using PDO. It fails to update when I use grammar, so for example, if I use ' it fails. I am using my prepare, but it's just the apostrophe that fails to work?
if($_POST['ourstory']) {
foreach($_POST['ourstory'] as $id => $ourstory) {
$sql = "UPDATE our_story SET content = '$ourstory' WHERE id = '$id'";
$q = $db->prepare($sql);
$q->execute(array($id,$ourstory));
}
}
That's not how you use prepared statements. You want to use a ? in your query.
$sql = "UPDATE our_story SET content = ? WHERE id = ?";
$q = $db->prepare($sql);
$q->execute(array($ourstory, $id));
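Every thread above is the same quoting problem, and the PDO answer shows the real fix: let the driver bind values. The added example below is not from any of the posts; it rewrites the like counter from the first question with mysqli prepared statements and adds an allow-list for the column name from the $option1 question (the function names, the allow-list, and an open $dbh mysqli connection are assumptions).

```php
<?php
// Assumes $dbh is a mysqli connection opened with
// mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT), so failures throw.

function add_like(mysqli $dbh, string $username, int $postid): int
{
    $dbh->begin_transaction();
    try {
        // Placeholders (?) instead of "'$userid'": the "s" type marker sends the
        // username as data, so it is never parsed as part of the SQL text.
        $stmt = $dbh->prepare("INSERT INTO likes (username, postid) VALUES (?, ?)");
        $stmt->bind_param("si", $username, $postid);
        $stmt->execute();

        // Increment in the database instead of reading `likes`, adding 1 in PHP
        // and writing it back, which loses updates when two users click at once.
        $stmt = $dbh->prepare("UPDATE user_images SET likes = likes + 1 WHERE id = ?");
        $stmt->bind_param("i", $postid);
        $stmt->execute();

        $stmt = $dbh->prepare("SELECT likes FROM user_images WHERE id = ?");
        $stmt->bind_param("i", $postid);
        $stmt->execute();
        $likes = (int) $stmt->get_result()->fetch_assoc()['likes'];

        $dbh->commit();
        return $likes;
    } catch (mysqli_sql_exception $e) {
        $dbh->rollback();
        throw $e;
    }
}

// Identifiers (the column name in "SET '$option1' = ...") cannot be bound as
// parameters; check them against a fixed allow-list before interpolating.
function update_column(mysqli $dbh, string $column, string $value, string $username): void
{
    $allowed = ['option1', 'option2', 'column'];   // constructed allow-list
    if (!in_array($column, $allowed, true)) {
        throw new InvalidArgumentException("unknown column: $column");
    }
    $stmt = $dbh->prepare("UPDATE nametable SET `$column` = ? WHERE username = ?");
    $stmt->bind_param("ss", $value, $username);
    $stmt->execute();
}

// Usage, with the post id validated as an integer before it reaches the query:
// $postid = filter_input(INPUT_POST, 'postid', FILTER_VALIDATE_INT);
// echo add_like($dbh, $_GET['username'], $postid);
```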
